Biometric recognition refers to the use of distinctive physiological (e.g., fingerprints, face, retina, iris) and behavioral (e.g., gait, signature) characteristics, called biometric identifiers (or simply biometrics) for automatically recognizing individuals. Because biometric identifiers cannot be easily misplaced, forged, or shared, they are considered more reliable for person recognition than traditional token- or knowledge-based methods. Specific applications where biometric identification is particularly useful include authentication and access control.
In the specific case of fingerprint recognition used for authentication of a person of interest, a management entity has knowledge of a target fingerprint image associated with the person of interest. When an individual who purports to be the person of interest provides a donor finger for scanning, the management entity compares the image of the donor finger with the target fingerprint image. In conventional automated fingerprint recognition, a search is done for matching features, or minutiae, in the two images. Examples of minutiae include core, delta, hook, ridge, bifurcation, island, lake, whorl, etc. For more information regarding fingerprint recognition in general, the reader is referred to D. Maltoni et al., “Handbook of Fingerprint Recognition”, Springer-Verlag, 2003, hereby incorporated by reference herein.
To accelerate both the transfer of the image of the donor finger to the management entity as well as the comparison process itself, the image may be encoded into a string of characters. Specifically, a feature extraction process is performed, whereby the minutiae are first located in the image and then the locations of the minutiae and their type (ridge, island, etc.) are placed into an alphanumeric code. A similar code will have been previously generated by the management entity on the basis of the target fingerprint image. Thus, the authentication process consists of comparing the received code with the code stored at the management entity. A similar process occurs for access control to a facility, only the number of codes stored at the management entity may be far greater, since the identity of the purported donor is unknown a priori.
While the aforementioned technique can work well in theory, there are practical considerations which compound and possibly even overshadow the technical difficulties associated with being able to accurately locate minutiae in a fingerprint image. Specifically, upon recognizing that the code produced from a fingerprint image encodes certain salient structural features (i.e., the minutiae), a malicious user having access solely to the alphanumeric code may be capable of partly reproducing the fingerprint image. This may violate certain privacy statutes relating to the communication or storage of an individual's personal information. Moreover, the problem does not dissipate by merely encrypting the code, since a sufficiently malicious user may be able to learn the necessary decryption method and hence gain knowledge of the minutiae.
Clearly, therefore, a need exists in the industry for an improved technique to generate a code from an image of a skin-covered body part such as a finger, in such a way that reconstruction of minutiae or other salient structural features of the image will not be possible on the basis of the code alone.